Spring 卷曲';获取';成功,但卷曲';邮政';不成功
我使用SpringBoot+Rest+SpringSecurity(basicauth)作为我的后端API。 我可以用GET卷曲,但不能用POST卷曲 我正在使用application.property+websecurityConfigureAdapter设置我的安全性 应用程序属性Spring 卷曲';获取';成功,但卷曲';邮政';不成功,spring,rest,spring-boot,spring-security,Spring,Rest,Spring Boot,Spring Security,我使用SpringBoot+Rest+SpringSecurity(basicauth)作为我的后端API。 我可以用GET卷曲,但不能用POST卷曲 我正在使用application.property+websecurityConfigureAdapter设置我的安全性 应用程序属性 spring.security.user.name=a spring.security.user.password=b Web安全配置适配器 public class WebSecurityConfig ext
spring.security.user.name=a
spring.security.user.password=b
Web安全配置适配器
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
}
控制器
@RestController
@RequestMapping(value="/api")
public class ExploreController {
Logger logger = LoggerFactory.getLogger(ExploreController.class);
@RequestMapping(value="/exploregethead", method = RequestMethod.GET)
public HashMap<String, String> exploregethead(HttpServletRequest request, HttpServletResponse response) {
Enumeration headerNames = request.getHeaderNames();
HashMap<String, String> map = new HashMap<>();
while (headerNames.hasMoreElements()) {
String key = (String) headerNames.nextElement();
String value = request.getHeader(key);
logger.info(key + " : " + value);
map.put(key, value);
}
return map;
}
@RequestMapping(value="/exploreposthead", method = RequestMethod.POST)
public HashMap<String, String> exploreposthead(HttpServletRequest request, HttpServletResponse response) {
Enumeration headerNames = request.getHeaderNames();
HashMap<String, String> map = new HashMap<>();
while (headerNames.hasMoreElements()) {
String key = (String) headerNames.nextElement();
String value = request.getHeader(key);
logger.info(key + " : " + value);
map.put(key, value);
}
return map;
}
}
这两个rest请求相似,只是一个接受GET,另一个接受POST
我使用curl来测试它,我有两个不同的输出
curl -i -X GET -H "Authorization:Basic YTpi" http://localhost:8080/api/exploregethead
当我使用curl发布API时,我遇到了401错误
curl -i -X POST -H "Authorization:Basic YTpi" http://localhost:8080/api/exploreposthead
我尝试使用rest客户端发布API,它会提示我输入用户名和密码。但我输入了用户名“a”和密码“b”,它仍然不起作用
请告知我做错的部分。谢谢。我正在学习下面的教程。 谢谢你 Application.property-已删除 控制器-无变化 CorsFilter-无变化 WebSecurityConfig-更新如下 软件包app.mootor.api
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("admin").password("{noop}password").roles("USER", "ADMIN");
}
// Secure the endpoins with HTTP Basic authentication
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//HTTP Basic authentication
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/api/**").hasRole("USER")
.antMatchers(HttpMethod.POST, "/api/**").hasRole("USER")
.antMatchers(HttpMethod.GET, "/aapi/**").hasRole("ADMIN")
.antMatchers(HttpMethod.POST, "/aapi/**").hasRole("ADMIN")
.and()
.csrf().disable()
.formLogin().disable();
}
}
测试获取
curl localhost:8080/api/explore -u user:password
测试桩
curl localhost:8080/api/exploreposthead -X POST -u user:password
我遵循下面的教程。 谢谢你 Application.property-已删除 控制器-无变化 CorsFilter-无变化 WebSecurityConfig-更新如下 软件包app.mootor.api
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityJavaConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("admin").password("{noop}password").roles("USER", "ADMIN");
}
// Secure the endpoins with HTTP Basic authentication
@Override
protected void configure(HttpSecurity http) throws Exception {
http
//HTTP Basic authentication
.httpBasic()
.and()
.authorizeRequests()
.antMatchers(HttpMethod.GET, "/api/**").hasRole("USER")
.antMatchers(HttpMethod.POST, "/api/**").hasRole("USER")
.antMatchers(HttpMethod.GET, "/aapi/**").hasRole("ADMIN")
.antMatchers(HttpMethod.POST, "/aapi/**").hasRole("ADMIN")
.and()
.csrf().disable()
.formLogin().disable();
}
}
测试获取
curl localhost:8080/api/explore -u user:password
测试桩
curl localhost:8080/api/exploreposthead -X POST -u user:password
控制器资源只是“/exploreposthead”,但在curl命令中查询“/api/exploreposthead”。试着选择一个并在两个地方都使用。谢谢。我确实在代码中添加了标题。刚刚编辑了这个问题,包括@RequestMapping(value=“/api”),您得到的响应代码是什么?它在哪一层或之前的安全层失败?没有返回错误消息。我设置了断点,它没有命中控制器,但命中了CorsFilter。您的控制器资源只是“/exploreposthead”,但在curl命令中查询“/api/exploreposthead”。试着选择一个并在两个地方都使用。谢谢。我确实在代码中添加了标题。刚刚编辑了这个问题,包括@RequestMapping(value=“/api”),您得到的响应代码是什么?它在哪一层或之前的安全层失败?没有返回错误消息。我设置了断点,它没有击中控制器,但击中了CorsFilter。